Description
In the Linux kernel, the following vulnerability has been resolved:

gpio: omap: do not register driver in probe()

Commit 11a78b794496 ("ARM: OMAP: MPUIO wake updates") registers the
omap_mpuio_driver from omap_mpuio_init(), which is called from
omap_gpio_probe().

However, it neither makes sense to register drivers from probe()
callbacks of other drivers, nor does the driver core allow registering
drivers with a device lock already being held.

The latter was revealed by commit dc23806a7c47 ("driver core: enforce
device_lock for driver_match_device()") leading to a potential deadlock
condition described in [1].

Additionally, the omap_mpuio_driver is never unregistered from the
driver core, even if the module is unloaded.

Hence, register the omap_mpuio_driver from the module initcall and
unregister it in module_exit().
Published: 2026-04-27
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The omap_mpuio_driver was mistakenly registered within the omap_gpio_probe callback. Because the driver core enforces a device lock during probe, this violates the contract and can cause a deadlock when the module is loaded. Additionally, the driver is never unregistered on module exit, leading to a persistent resource leak. Together, these flaws allow an attacker to freeze the system or degrade performance over time, addressing CWE-667 and CWE-833.

Affected Systems

The issue exists in all Linux kernel versions that predate the commit relocating omap_mpuio_driver registration to module init and adding an unregister handler in module_exit. Any system running the OMAP GPIO subsystem and capable of loading the affected driver is at risk.

Risk and Exploitability

EPSS indicates a very low current exploitation probability (<1%) and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires local or privileged access to load or unload the kernel module, so the attack surface is limited. Nonetheless, once the module is loaded, a deadlock can be triggered immediately and the lingering resource leak can affect system stability over time. The CVSS score of 5.5 indicates a moderate severity. Overall risk remains moderate to high depending on exposure to kernel module loading.

Generated by OpenCVE AI on May 6, 2026 at 21:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the upstream patch that moves omap_mpuio_driver registration from probe() to the module initcall and adds an unregister call in module_exit()
  • Upgrade the system to a kernel version that contains this fix
  • If an upgrade is not possible, apply a local patch that removes driver registration from the probe callback and implements proper cleanup when the module is unloaded

Generated by OpenCVE AI on May 6, 2026 at 21:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 06 May 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-667
CPEs cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Tue, 28 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-833
References

Mon, 27 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: gpio: omap: do not register driver in probe() Commit 11a78b794496 ("ARM: OMAP: MPUIO wake updates") registers the omap_mpuio_driver from omap_mpuio_init(), which is called from omap_gpio_probe(). However, it neither makes sense to register drivers from probe() callbacks of other drivers, nor does the driver core allow registering drivers with a device lock already being held. The latter was revealed by commit dc23806a7c47 ("driver core: enforce device_lock for driver_match_device()") leading to a potential deadlock condition described in [1]. Additionally, the omap_mpuio_driver is never unregistered from the driver core, even if the module is unloaded. Hence, register the omap_mpuio_driver from the module initcall and unregister it in module_exit().
Title gpio: omap: do not register driver in probe()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-23T16:05:41.824Z

Reserved: 2026-03-09T15:48:24.131Z

Link: CVE-2026-31687

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-04-27T18:16:54.143

Modified: 2026-05-06T19:05:57.627

Link: CVE-2026-31687

cve-icon Redhat

Severity :

Publid Date: 2026-04-27T00:00:00Z

Links: CVE-2026-31687 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-06T22:00:14Z

Weaknesses